The hidden cloud egress costs nobody flags
Your actual egress cost is 2-3x what the headline rates suggest. NAT Gateway processing, cross-AZ transfer, API Gateway charges, load balancer fees, and VPC endpoint costs all silently multiply your bill. Use the calculator for base rates, then read this page to understand the real total.
The Six Hidden Egress Costs
These are the charges that cloud providers document but do not prominently advertise. Each one is legitimate and avoidable with the right architecture decisions.
NAT Gateway Processing
$0.045/GB + $0.045/hr. High Impact.
Every byte flowing through a NAT Gateway incurs a $0.045/GB processing charge, on top of the standard internet egress rate. This is separate from and additional to the egress fee itself. A NAT Gateway running 24/7 also costs $32.85/month in hourly charges. At 10TB/month, the processing fee alone is $450, often exceeding the base egress cost. If your NAT Gateway is in a different AZ from your workload, add another $0.01/GB for cross-AZ transfer.
Enable VPC Gateway Endpoints for S3 and DynamoDB (free). Use Interface Endpoints for other AWS services. Consider IPv6 for internet-facing workloads. Use Regional NAT Gateway to reduce per-AZ costs.
Cross-AZ Data Transfer
$0.01/GB each way ($0.02/GB round trip). High Impact.
Data moving between Availability Zones costs $0.01/GB in each direction, totalling $0.02/GB for a request-response round trip. With a standard 3-AZ architecture, roughly two-thirds of internal service-to-service communication crosses AZ boundaries. A microservices architecture with 10TB/month of internal traffic generates $100-200/month in cross-AZ charges. Load-balanced traffic automatically distributes across AZs, making this unavoidable for HA deployments.
Co-locate tightly coupled services in the same AZ. Use connection-aware load balancing (prefer same-AZ). Cache frequently accessed data locally. Consider AZ-aware routing for read-heavy workloads.
API Gateway Data Transfer
$0.09/GB (on top of per-request fees). Medium Impact.
API Gateway charges standard internet egress rates for data transfer out, on top of its per-request pricing ($1.00-3.50 per million requests). This is often overlooked because it appears as a separate line item from your EC2/Lambda egress in the bill. For APIs returning large payloads (file downloads, data exports, paginated lists), the data transfer charges can exceed the request charges. A REST API serving 10TB/month pays $900 in data transfer alone.
Compress API responses with gzip/brotli. Paginate large responses. Use CloudFront in front of API Gateway (caches GET requests, reduces origin egress). Consider direct ALB for non-REST workloads.
Load Balancer Data Processing
$0.008/GB (ALB/NLB) + $0.0225/hr per ALB. Medium Impact.
Application Load Balancers (ALB) and Network Load Balancers (NLB) charge data processing fees per GB of data processed. At $0.008/GB it seems small, but at scale it adds up. An ALB processing 50TB/month pays $400/month in processing fees alone, plus $16.43/month in hourly charges. NLB has similar data processing charges. These fees are charged on all traffic, not just internet-bound traffic.
There is no way to avoid load balancer processing fees if you need load balancing. Optimize by reducing payload sizes, enabling compression, and consolidating load balancers where possible. For internal services, consider service mesh or direct service discovery.
VPC Interface Endpoints
$0.01/GB + ~$0.01/hr per AZ. Medium Impact.
Interface VPC Endpoints (for services like SQS, SNS, KMS, CloudWatch, ECR, etc.) charge both per-GB and per-hour fees. The hourly charge is approximately $0.01/hr per AZ, which is $21.90/month per AZ. In a 3-AZ setup, that is $65.70/month just for the endpoint to exist, before any data transfer. The per-GB charge of $0.01 applies to all data processed. However, Interface Endpoints can still save money by avoiding NAT Gateway processing fees ($0.045/GB).
Always use Gateway Endpoints for S3 and DynamoDB (free, no per-GB or hourly charges). For other services, Interface Endpoints save money if your NAT Gateway traffic exceeds approximately 650GB/month per service. Calculate the break-even point before deploying.
Cross-Region Replication
$0.01-$0.02/GB (varies by region pair). High Impact.
Multi-region disaster recovery architectures incur cross-region transfer costs on all replicated data. S3 Cross-Region Replication, RDS read replicas, DynamoDB Global Tables, and Aurora Global Database all generate cross-region egress charges of $0.01-0.02/GB. A DR setup replicating 10TB/month between US and EU regions costs $100-200/month in transfer fees. These costs double if you replicate to more than one secondary region.
Evaluate whether cross-region replication is truly required for your recovery objectives. Consider replicating only critical data rather than entire datasets. Use S3 Intelligent-Tiering to reduce storage before replication. For read replicas, consider whether a warm standby in a single region meets your RTO requirements.
Hidden Cost Audit Checklist
Run through this 10-point checklist against your own cloud architecture to identify hidden egress costs. Each item can save hundreds or thousands of dollars per month.
Frequently Asked Questions
Is egress free within the same region on AWS?
It depends. Traffic within the same Availability Zone using private IP addresses is free. However, cross-AZ traffic costs $0.01/GB in each direction ($0.02/GB round trip), even within the same region. Since most production architectures use multiple AZs for high availability, this internal traffic adds up quickly. A service making 1 million requests per day across 3 AZs can generate hundreds of dollars in cross-AZ charges monthly, entirely invisible in headline egress rates.
What is cross-AZ data transfer cost on AWS?
Cross-AZ data transfer on AWS costs $0.01 per GB in each direction, totalling $0.02/GB for a round trip. This applies to all traffic between Availability Zones, including inter-service communication, database replication, and load-balanced traffic. With a typical 3-AZ architecture, approximately two-thirds of your internal traffic crosses AZ boundaries. This is one of the most commonly overlooked costs: a service processing 10TB/month internally can generate $100-200/month in cross-AZ charges alone.
How much does NAT Gateway cost on AWS?
AWS NAT Gateway charges $0.045 per GB for data processing plus $0.045 per hour for each gateway (approximately $32.85/month just for running). If your traffic also crosses AZ boundaries to reach the NAT Gateway, add another $0.01/GB. At 10TB/month through NAT Gateway, processing fees alone are $450/month, before any internet egress charges. For a detailed analysis and alternatives, see our dedicated NAT Gateway cost guide.
What are VPC endpoint costs?
VPC endpoints come in two types with very different pricing. Gateway endpoints for S3 and DynamoDB are completely free with no per-GB or hourly charges. Interface endpoints for all other AWS services cost $0.01 per GB of data processed plus approximately $0.01 per hour per AZ. A busy service using Interface endpoints across 3 AZs can cost $65/month in hourly charges alone, plus per-GB fees. Always use Gateway endpoints where available.
How do hidden costs affect my real egress rate?
Hidden costs typically add 50 to 200 percent on top of your base internet egress charges. A workload paying $0.09/GB for internet egress might actually pay $0.15-0.25/GB when NAT Gateway processing, cross-AZ transfer, and load balancer fees are included. The multiplier depends on your architecture: multi-AZ deployments with NAT Gateways see the highest hidden cost multipliers. Single-AZ deployments with VPC Gateway Endpoints have the lowest, but sacrifice availability.
How can I audit my architecture for hidden egress costs?
Start by reviewing your AWS Cost Explorer filtered by 'Data Transfer' charges. Look for NAT Gateway processing fees under the VPC section, cross-AZ charges appearing as 'Inter-AZ data transfer', and API Gateway data transfer charges. Enable VPC Flow Logs to understand traffic patterns between AZs. Check if you have VPC Gateway Endpoints enabled for S3 and DynamoDB. Review your load balancer data processing charges. Finally, audit NAT Gateway usage and consider alternatives like IPv6 or VPC endpoints for each traffic pattern.
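The flow-log step of this audit can be scripted. The following is an added example, not part of the original page: it sums cross-AZ bytes from VPC Flow Logs in the default format and prices them at the $0.01/GB per-direction rate quoted above. The subnet-to-AZ map, the ENI addresses and the log records are constructed, and 1 GB is assumed to be 10^9 bytes.

```python
import ipaddress
from collections import defaultdict

# Assumption: subnet-to-AZ map for the VPC (constructed; build yours from the subnet inventory)
SUBNET_AZ = {"10.0.1.0/24": "us-east-1a", "10.0.2.0/24": "us-east-1b",
             "10.0.3.0/24": "us-east-1c"}
# Assumption: private IP of each logged ENI, used to count a flow once, on the sender's side
ENI_IP = {"eni-0aaa": "10.0.1.10", "eni-0bbb": "10.0.2.20", "eni-0ccc": "10.0.3.30"}
CROSS_AZ_PER_GB = 0.01  # per-direction rate quoted on this page

# Constructed records in the default (version 2) VPC Flow Logs format
SAMPLE = """\
2 123456789012 eni-0aaa 10.0.1.10 10.0.2.20 49152 5432 6 1000 4000000000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0bbb 10.0.1.10 10.0.2.20 49152 5432 6 1000 4000000000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0bbb 10.0.2.20 10.0.1.10 5432 49152 6 2000 6000000000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa 10.0.1.10 10.0.1.11 49153 8080 6 500 2000000000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0ccc 10.0.3.30 203.0.113.7 49154 443 6 100 1000000000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0ccc 10.0.3.30 10.0.1.10 49155 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaa - - - - - - - 1700000000 1700000060 - NODATA
"""

NETS = [(ipaddress.ip_network(cidr), az) for cidr, az in SUBNET_AZ.items()]

def az_of(ip):
    """Return the AZ whose subnet contains ip, or None for addresses outside the VPC."""
    addr = ipaddress.ip_address(ip)
    return next((az for net, az in NETS if addr in net), None)

def cross_az_bytes(log_text):
    """Sum accepted bytes per (source AZ, destination AZ) pair, cross-AZ flows only."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        f = line.split()
        # Skip malformed lines, NODATA/SKIPDATA records and rejected flows
        if len(f) != 14 or f[13] != "OK" or f[12] != "ACCEPT":
            continue
        eni, src, dst, nbytes = f[2], f[3], f[4], int(f[9])
        # The same flow is logged at both ENIs; keep only the sender-side record
        if ENI_IP.get(eni) != src:
            continue
        src_az, dst_az = az_of(src), az_of(dst)
        if src_az and dst_az and src_az != dst_az:
            totals[(src_az, dst_az)] += nbytes
    return dict(totals)

def estimated_cost(totals):
    """Price the summed bytes at the per-direction rate (assumes 1 GB = 10**9 bytes)."""
    return sum(totals.values()) / 1e9 * CROSS_AZ_PER_GB

if __name__ == "__main__":
    print(cross_az_bytes(SAMPLE), estimated_cost(cross_az_bytes(SAMPLE)))
```

Sorting the resulting AZ pairs by byte count shows which service-to-service paths to co-locate or route AZ-aware first.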
All pricing verified from official AWS documentation. Last verified April 2026.